The present invention relates to schemes for user access to computer systems, and in particular to systems and methods for policy based privileged user access management.
Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
For reasons relating to auditing, security, and compliance, organizations need to monitor access to critical business systems. Internal auditing typically requires that activities performed by system administrators or privileged users be monitored and reviewed. Accordingly, security or IT departments may strictly control access to sensitive areas. Moreover, compliance requirements may limit access to types of data for privacy, export control, and other reasons.
At the same time, however, businesses seek to operate with the greatest flexibility possible. For example, it may be desirable to grant temporary access to business systems in order to allow the performance of emergency activities.
As applications evolve to support web and mobile access, conventional mechanisms to proxy authentication and monitor activity may no longer be sufficiently flexible to accommodate user needs. Additionally, the types of scenarios supported by emergency access systems for databases and operating systems may tend to focus on user management, rather than on end-to-end (emergency) scenarios including access and activity monitoring.
Thus, there is a need for a common approach allowing customers emergency access across various types of applications and systems supporting temporary/emergency access scenarios. Embodiments address these and other issues by providing systems and methods for policy based privileged user access management.